
I have made a basic login form for an experiment and tried to log in using cURL. I am working with PHP. I have ensured that nobody can enter the main index.php page without logging in (authentication). But now when I tried to get access with cURL I got it. I think there must be a problem in my login and session handling code. I have tried my best but did not find any solution. Please help me solve this problem.

Thanks in advance.

1. This is the session handling code, which resides in session.php

```php
<?php
class session{
    public static function init(){
        session_start();
    }
    public static function set($key,$value){
        $_SESSION[$key] = $value;
    }
    public static function get($key){
        if (isset($_SESSION[$key])) {
            return $_SESSION[$key];
        }
        else{
            return false;
        }
    }
    public static function cheaksession(){
        self::init();
        if(self::get("login") == false){
            self::destroy();
            header("Location: login.php");
        }
    }
    public static function destroy(){
        session_destroy();
    }
}

?>
```

2. This is the login form code, which resides in login.php

```php
<?php
include "lib/session.php";
session::init();
?>
<?php include "lib/Database.php"; ?>
<?php include "helpers/format.php"; ?>
<?php
    $db = new Database();
    $fm = new format();
?>
<?php

    $err = 0;
    if ($_SERVER['REQUEST_METHOD'] == 'POST' ) {
        $username = $fm->validation($_POST['username']);
        $password = $fm->validation($_POST['password']);

        $username = mysqli_real_escape_string($db->link,$username);
        $password = mysqli_real_escape_string($db->link,$password);

        if($username == 'fahad' && $password == '1234') {
            session::set("login",true);
            session::set("username",$username);
            session::set("userId",1);
            header("Location: index.php");
        }
        else{
            $err = 1;
        }

    }
?>
```

3. This is the home page code for session checking, which resides in index.php

```php
<?php
    include "lib/session.php";
    session::cheaksession();
?>
```

4. Here is the cURL code of the attack

```php
<?php

    $ch = curl_init();

    curl_setopt($ch, CURLOPT_URL, 'http://localhost/Hackalgo/DummySite/index.php');

    curl_setopt($ch, CURLOPT_HEADER, 0);

    curl_exec($ch);

    curl_close($ch);
?>
```

By executing this script I am crawling the HTML page of index.php mentioned just above in (3). But in index.php (3) there is a session checker method which should compel me to go to the login page login.php mentioned in (2). But it is not working and the index.php (3) is crawled without any authentication in the login page (2).

S. M. Fahad Ahmad
  • What do you expect to happen and what happens instead? – Peter Apr 07 '18 at 14:32
  • I want to stop entering the main site without login but by using curl I am getting access to it. – S. M. Fahad Ahmad Apr 07 '18 at 14:47
  • I don't understand what you mean by "getting access to it". With the code you've shown there is no way that this curl script produces any output, so I'm not sure how you would even decide if "it" is working or not, whatever that may be. – Peter Apr 07 '18 at 14:56
  • But it is producing output and I am not understanding why – S. M. Fahad Ahmad Apr 07 '18 at 16:48

1 Answer

  1. curl does not follow redirects by default.
  2. There is nothing that stops PHP from executing after the cheaksession call.

Call exit() or so after sending the Location header.

Peter
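
The fix described in the answer, as an added example that is not part of the original answer or the asker's code: a `cheaksession()` that exits after sending the Location header, plus a hypothetical helper `redirectLeaksBody()` that flags a redirect response which still carries a page body. The two raw responses are constructed samples, not captures from the asker's site.

```php
<?php
// Added example, not the asker's code. Hardened guard for lib/session.php:
// same method name as in the question, so index.php needs no change.
class session {
    public static function init(): void {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
    }
    public static function cheaksession(): void {
        self::init();
        if (($_SESSION['login'] ?? false) !== true) {
            $_SESSION = [];
            session_destroy();
            header('Location: login.php', true, 302);
            exit; // without this, PHP keeps running and sends the page body
        }
    }
}

// Hypothetical helper: true when a raw HTTP response is a redirect that
// still carries a body, which is what a non-following client such as
// curl prints.
function redirectLeaksBody(string $raw): bool {
    [$head, $body] = array_pad(preg_split('/\r?\n\r?\n/', $raw, 2), 2, '');
    if (!preg_match('#^HTTP/\S+\s+(\d{3})#', $head, $m)) {
        throw new InvalidArgumentException('no HTTP status line');
    }
    $status = (int) $m[1];
    return $status >= 300 && $status < 400 && trim($body) !== '';
}

// Constructed sample responses (not captured from the asker's site).
$before = "HTTP/1.1 302 Found\r\nLocation: login.php\r\n\r\n<html>private page</html>";
$after  = "HTTP/1.1 302 Found\r\nLocation: login.php\r\nContent-Length: 0\r\n\r\n";

foreach (['without exit' => $before, 'with exit' => $after] as $label => $raw) {
    printf("%-12s => %s\n", $label, redirectLeaksBody($raw) ? 'LEAKS BODY' : 'ok');
}
```

To check a live page, fetch it with redirects disabled (curl's default) and response headers included, then pass the raw response to the helper.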